[PATCH 1/4] fix leak of fragment queue at unloading
yasuyuki.kozakai at toshiba.co.jp
Sun Nov 13 16:15:04 CET 2005
From: Harald Welte <laforge at netfilter.org>
Date: Sun, 13 Nov 2005 14:03:34 +0100
> On Sun, Nov 13, 2005 at 01:56:27PM +0100, Harald Welte wrote:
> > > Sorry for the short explanation. This function may be called when memory usage
> > > exceeds the threshold. And I just want to be notified of the existence of a bug
> > > in memory tracking and avoid NULL pointer access.
> > ok, in this case I think the error message should be more verbose.
> > > > Please comment.
> > >
> > > Is it overly cautious to avoid NULL pointer access in this case?
> > I'd have to study the code in more detail. It depends on the question:
> > Under which circumstances can we have a NULL pointer?
> After looking at the code, this function is only called from
> 1) module unload time
> Here it is clear that there are valid cases where we would have a NULL
> pointer (empty frag queue). Let's assume we've never even processed a
> single fragment [or even not a single ipv6 packet], e.g.
> So in this case, it is a bug to print a KERN_ERR message.
> 2) when the amount of memory used by the defrag code is higher than the
> In this case, there's actually a bug in the memory usage accounting
> code. Do you suspect any such errors at the moment?
No, not in the current one ;) But nf_conntrack_reasm.c is newer than the other parts and
I cannot deny the possibility.
> I think this is a
> candidate for an ASSERT, or maybe even better a BUG_ON().
> We're talking about a condition that should never happen, and if it
> does, we want to make sure to have users report it and fix it fast. If
> the kernel oopses, that condition is fulfilled ;)
> So unless I'm missing some point (I'm not as familiar with the code as
> you), I'd suggest that you resubmit the patch with a BUG_ON(tmp == NULL)
I totally agree. I attached a new one.
-- Yasuyuki Kozakai
-------------- next part --------------
[NETFILTER] fix leak of fragment queue at unloading nf_conntrack_ipv6
This makes nf_conntrack_ipv6 free all IPv6 fragment queues at unloading.
This also checks for NULL pointer access due to a bug in memory accounting.
Thanks to Harald Welte for the suggestion.
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai at toshiba.co.jp>
author Yasuyuki Kozakai <yasuyuki.kozakai at toshiba.co.jp> Sun, 13 Nov 2005 22:47:32 +0900
committer Yasuyuki Kozakai <yasuyuki.kozakai at toshiba.co.jp> Sun, 13 Nov 2005 22:47:32 +0900
net/ipv6/netfilter/nf_conntrack_reasm.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 2d0c49e..3e31903 100644
@@ -269,6 +269,7 @@ static void nf_ct_frag6_evictor(void)
tmp = nf_ct_frag6_lru_list.next;
+ BUG_ON(tmp == NULL);
fq = list_entry(tmp, struct nf_ct_frag6_queue, lru_list);
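Review bot: the `BUG_ON(tmp == NULL)` added after `tmp = nf_ct_frag6_lru_list.next;` only fires for a list head that was never initialised or has been corrupted; an empty `list_head` is not represented by a NULL `next` but by `next` pointing back at the head itself, so this assertion does not protect the following `list_entry()` when the evictor is entered with no queues, which is exactly the unload case the thread discusses. The loop's termination condition (not shown in this hunk) has to be `list_empty(&nf_ct_frag6_lru_list)` or the memory counter dropping to the threshold; with that in place the BUG_ON is a sanity check on the accounting, which matches Harald's suggestion, and the commit message should describe it as such rather than as avoiding NULL pointer access.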
@@ -878,5 +879,6 @@ int nf_ct_frag6_init(void)
+ nf_ct_frag6_low_thresh = 0;
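Review bot: the hunk header `@@ -878,5 +879,6 @@ int nf_ct_frag6_init(void)` suggests `nf_ct_frag6_low_thresh = 0;` lands under `nf_ct_frag6_init`, while the commit message talks about freeing queues at unloading; if the line actually sits in the cleanup routine, the hunk should carry its surrounding context lines so a reviewer can see that it precedes the call that drains the LRU list, and if it really is in init, a threshold of zero would make the evictor discard queues as soon as any memory is accounted. In either case the commit message should state the mechanism explicitly: the low-water threshold is lowered to zero before `nf_ct_frag6_evictor()` runs so that the eviction loop frees every remaining fragment queue.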